Re: GnuTLS/NSS interop in Exim 4.80 RC

help-gnutls

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: GnuTLS/NSS interop in Exim 4.80 RC

From:	Patrick Pelletier
Subject:	Re: GnuTLS/NSS interop in Exim 4.80 RC
Date:	Tue, 22 May 2012 02:15:00 -0700

On May 22, 2012, at 1:38 AM, Janne Snabb wrote:

Even if the hard
limit in NSS is fixed quickly, this will be a burden for TLS serverside
developers for many years to come.

It almost seems like a new TLS extension should be proposed, where theclient can tell the server how many bits of DH it is willing toaccept. (Similar in spirit, although simpler than, the extension usedto negotiate curves for elliptic curve.) If the client sends theextension, then the server can know with confidence what size of DHparams are acceptable. If the client doesn't send the extension, theserver can make a conservative assumption. (Probably 2236 bits.)

Without such an extension, it seems like TLS servers that areconcerned about interoperability (such as on the Web) will have toavoid exceeding 2236 bits for quite a long time.


--Patrick

[Prev in Thread]

Current Thread

[Next in Thread]

Re: GnuTLS/NSS interop in Exim 4.80 RC, (continued)

Prev by Date: Re: GnuTLS/NSS interop in Exim 4.80 RC
Next by Date: Re: GnuTLS/NSS interop in Exim 4.80 RC
Previous by thread: Re: GnuTLS/NSS interop in Exim 4.80 RC
Next by thread: Re: GnuTLS/NSS interop in Exim 4.80 RC
Index(es):
- Date
- Thread